Hacking Your Automobile

Security researchers found they could remotely gain access a vehicle's computer using Tire Pressure Monitoring System (TPMS).  (This is the system that monitors tire pressure in all the tires in your car. TPMS was optional on vehicles prior to 2008 and mandatory on vehicles from 2008 and newer.)

It turns out the TPMS data is sent to the vehicle's computer unencrypted and the car's computer will accept a connection from any device including ones reporting to be the TPMS pressure sensors.  If the researches rapidly sent a large number for readings or sent crazy values they found they could crash vehicle's computers requiring a reboot or in some cases hard crash the computer requiring replacement.

The researchers found they could pick-up TPMS transmissions from moving vehicles from 40 meters.  Thus it would be possible to track the movement or location of a specific vehicle over a short range.  It's theoretically
possible for a cyber-attacker to transmit a false low tire pressure value resulting in the driver pulling over thinking there's a flat.  Or send values crashing the car's computer.  Taking this to extremes, a cyber-attacker could drive around the parking lot at football/baseball game and disable thousands of car's computers in a matter of minutes.

The summary for this paper can be found at
http://www.usenix.org/events/sec10/tech/techAbstracts.html#Rouf
<http://www.usenix.org/events/sec10/tech/techAbstracts.html>  
and the full paper describing how they did it can be found at
http://www.usenix.org/events/sec10/tech/full_papers/Rouf.pdf

(Thanks to Doug Spindler from SF Pacific IT Pros)